Ecocide and Corporate Accountability: Board Governance in a Criminalising Landscape

Quick Read

Ecocide is transitioning from a regulatory compliance issue to a criminal liability matter, with the EU Environmental Crime Directive requiring member states to introduce criminal provisions for severe environmental destruction by May 2026, and personal liability for directors now a material governance risk. Supply chain accountability, attribution science, and independent auditable evidence of environmental due diligence are becoming board-level governance imperatives, as environmental violations shift from administrative penalties to potential criminal conduct with consequences for both corporations and individuals.

1. Executive Summary

Corporate environmental accountability is entering a new phase. The criminalisation of mass environmental destruction is no longer a fringe legal theory; it is entering national law, being discussed at the International Criminal Court and moving into board-level governance debates faster than many organisations realise.

This whitepaper makes five arguments.

First, ecocide is becoming a criminal law issue. Environmental violations that were historically treated as administrative or regulatory matters are increasingly being framed as criminal conduct with consequences for corporations and individuals.

Second, the EU Environmental Crime Directive is a major turning point. It requires member states to introduce criminal provisions for severe environmental destruction, including offences described as comparable to ecocide.

Third, environmental liability is becoming personal. Boards and senior executives need to understand where personal liability begins and what genuine, documented due diligence requires.

Fourth, the risk does not stop at the factory gate. Supply chain due diligence, nature-related accountability and deforestation-linked regulation are extending environmental responsibility across the full value chain.

Fifth, good governance is now evidentiary. The question is not only whether an organisation has policies, but whether it can demonstrate - with independent, auditable evidence - that environmental risks were known, taken seriously and actively managed.

The question for boards is no longer whether environmental harm is a sustainability topic. It is whether the organisation has the governance, systems and evidence to show that it understood and managed the risk before it became personal.

Whitepaper roadmap

2. Ecocide is becoming a crime and your board needs to understand what that means

The criminalisation of mass environmental destruction is no longer a fringe legal theory. It is entering national law across Europe, being proposed at the International Criminal Court, and it is moving faster than most boards realise.

A concept whose time has come

For most of modern corporate history, environmental violations have been treated as administrative matters - fines, remediation orders, licence conditions. Serious, occasionally costly, but fundamentally regulatory in character. The emerging law of ecocide changes that calculus entirely. Ecocide - broadly defined as the widespread, severe or systematic destruction of ecosystems - is being codified as a criminal offence and the penalties attaching to it are not administrative. They are criminal. They attach to individuals. They attach to the people who authorised the conduct, signed off on the strategy and sat on the board when the decisions were made.

The concept is not new. The term 'ecocide' was first recorded at the Conference on War and National Responsibility in Washington in 1970 and was used by Swedish Prime Minister Olof Palme at the first UN Conference on the Environment in 1972, in the context of Agent Orange use in Vietnam. From the 1970s onwards, many academics and legal scholars argued for the criminalisation of ecocide.[1] What is new is the political and legal momentum that has built in the last five years and the speed at which that momentum is translating into binding law.

Where the law already stands

This is not a distant prospect. Belgium has already enacted ecocide as a crime in its new penal code, with penalties of up to 20 years imprisonment for individuals and fines of up to €1.6 million for corporations. France introduced a national ecocide offence in 2021, providing for up to 10 years imprisonment for those committing offences which 'cause serious and lasting damage to health, flora, fauna or the quality of the air, soil or water.' The French law also places an obligation on the government to report to parliament on its action to secure recognition of ecocide as an international crime.[2] Multiple former Soviet states - including Russia, Ukraine and Kazakhstan - already have ecocide provisions in their criminal codes, with sentences of up to 20 years.

At the EU level, the Environmental Crime Directive requires all 27 member states to introduce criminal provisions for environmental destruction comparable to ecocide by May 2026. Germany published its implementing draft legislation in October 2025.[3] Scotland's parliament voted 90 to 26 to progress an Ecocide Prevention Bill introduced by Monica Lennon MSP, with the relevant committee recognising that ecocide must be treated as 'grave criminal wrongdoing.'[4]

The legal definition and its implications

The legal definition that underpins most of this legislative activity was developed in 2021 by an independent panel of top international criminal and environmental lawyers convened by Stop Ecocide Foundation. It defines ecocide as 'unlawful or wanton acts committed with knowledge that there is a substantial likelihood of severe and either widespread or long-term damage to the environment being caused.' This definition has been formally proposed as an amendment to the Rome Statute of the International Criminal Court by Vanuatu, Fiji and Samoa.[5]

The phrase 'with knowledge' is critical. It means that what decision-makers knew, when they knew it and what they chose to do with that knowledge is the foundation of criminal culpability. The definition does not require intent to destroy - only that the person in question knew, or ought to have known, that the substantial likelihood of severe damage existed. This sets a standard that most senior executives in environmentally intensive industries already meet in terms of available information. The science of environmental risk has been extensively documented for decades. The argument that a board did not know is becoming harder to sustain.

Ecocide law is not a reputational issue for the sustainability team. It is a governance issue for the board.

What boards should be doing now

For boards and management teams, the implications are practical and immediate. The first question is whether your organisation's activities - or the activities of your supply chain - create material exposure to the emerging definition of ecocide. The second is whether your environmental management systems are operating at a standard that demonstrates genuine due diligence. The third is whether you have independent, documented evidence of that standard - not self-reported assurances, but verified, auditable proof that would withstand examination in a criminal proceeding.

The fourth question, which fewer boards are asking, is whether your disclosure accurately reflects your environmental impacts. Misrepresentation of environmental performance is not just a reputational issue in this new legal environment - it compounds the underlying liability. A company that destroys an ecosystem and then misrepresents what happened faces a more serious position than one that destroyed the ecosystem and disclosed it accurately. Boards that are treating environmental disclosure as a communications exercise rather than a legal document are accumulating risk on two fronts simultaneously.

Ecocide law is not a reputational issue for the sustainability team. It is a governance issue for the board. The time to understand it is before it becomes personal.

3. The EU Environmental Crime Directive: What boards must know before May 2026

The EU has already legislated. Member states are now implementing it. Every company operating in or supplying into Europe needs to understand what the new criminal framework means for them.

The Directive in context

In April 2024, the European Union adopted its Environmental Crime Directive - formally Directive (EU) 2024/1203 - which fundamentally changes the criminal liability landscape for environmental destruction across the bloc. This Directive replaces two earlier instruments - Directives 2008/99/EC and 2009/123/EC - and represents a significant expansion in both the scope of criminal environmental offences and the seriousness of the penalties attached to them. The deadline for all 27 member states to transpose it into national legislation is 21 May 2026.[3]

Germany is one of the first to act, having published its implementing draft in October 2025. Stop Ecocide International has confirmed that Germany is among the leaders on transposition, with campaigners describing the EU framework as 'now beginning to take shape in national legislation' and noting that it 'sits within a wider global shift towards criminalising mass harm to nature.'[6]

What the Directive actually requires

The Directive does several things that boards need to understand. First, it significantly expands the range of environmental conduct that constitutes a criminal offence, covering damage to habitats, water, soil, air quality and biodiversity in ways that go substantially beyond existing national environmental criminal codes in most member states. The list of predicate offences is broad and includes the unlawful operation of industrial plants, unlawful discharge of pollutants, the killing or destruction of protected species and habitats and the unlawful trade in wildlife.

Second, and most significantly, it introduces a category of 'qualified offences' for conduct that causes widespread, long-lasting, or irreversible damage to the environment - explicitly described in the Directive's own recitals as conduct 'comparable to ecocide.' Recital 21 states that 'the consequences of intentional environmental crimes that are catastrophic in scale and comparable to ecocide should themselves constitute criminal offences.' These are not administrative violations. They are serious criminal offences with the most serious penalties in the Directive's framework.[3]

The penalties

For natural persons - individuals - member states are required to provide maximum custodial sentences of at least five years for standard offences rising to at least ten years for qualified offences comparable to ecocide. For legal persons - corporations - the Directive requires fines of at least 3% of worldwide annual turnover for the most serious qualified offences. It also permits additional sanctions including temporary or permanent exclusion from public procurement, temporary prohibition on carrying out commercial activities and mandatory remediation of environmental damage.[3]

To appreciate the scale of the corporate fine exposure: a company with €5 billion in global annual turnover faces potential fines of at least €150 million under the Directive's minimum standard. Member states are free to set higher penalties and several are expected to do so. The Directive also requires that criminal liability can attach not just to the individuals who directly caused the damage, but to those whose decisions enabled it - specifically including senior management and board members who authorised or failed to prevent the conduct.

The negligence threshold

A critical point that most boards have not yet registered is that the conduct threshold for criminal liability under the Directive is lower than most executives assume. The Directive covers damage caused by negligence as well as intention for many of its offences. This is not a law that requires a company to have set out deliberately to destroy an ecosystem. For negligent conduct, the threshold is whether a person in a position of responsibility failed to exercise the standard of care that their role required, in circumstances where the risk of serious environmental damage was known or should have been known.

In an era where the scientific understanding of environmental risk is extensive and publicly documented, and where regulators have published detailed guidance on specific environmental hazards, the argument that a senior executive 'did not know' about a material risk is becoming very difficult to sustain. Negligence is established by reference to what a reasonable person in that role, with access to that information, ought to have done. Boards that have not actively reviewed their environmental risk exposure against this standard are already in a potentially exposed position.

Supply chain and deforestation provisions

The Directive also criminalises the placing on the EU market and export of certain raw materials and products associated with deforestation and forest degradation, tracking the EU Deforestation Regulation. This is a significant expansion of criminal liability into supply chain management. The analysis by Pohlmann and Company notes that 'as it remains unclear when Article 3 of the [EU Deforestation] Regulation will take effect, implementation of the corresponding penalties will be deferred to a separate legislative project' - but the direction is unambiguous.[3]

The businesses that will be best positioned when this law lands in national courts are those that have built and independently verified environmental management systems capable of demonstrating that the risks were known, were taken seriously and were actively managed. That is not a standard any board should be trying to meet retrospectively. The May 2026 transposition deadline is not the date by which companies need to start thinking about this. It is the date by which most of Europe's major economies will have criminal law in place to enforce it.

4. When environmental liability becomes personal: What ecocide means for directors

Corporate fines are painful. Criminal charges against individual executives are career-ending. Boards need to understand where personal liability begins and what it takes to demonstrate genuine due diligence.

The shift from organisational to personal

There is a particular quality of attention that corporate governance issues attract when they become personal. Climate risk, biodiversity loss and environmental liability have been discussed in boardrooms for years - but largely as organisational risks. As long as the exposure was framed in terms of fines, regulatory sanctions and reputational damage to the company, it was possible to treat them as management issues to be delegated downward. Ecocide law changes that entirely. The criminal frameworks being enacted across Europe and proposed at the International Criminal Court are designed to reach the individuals who make decisions - not just the legal entities that bear the consequences of them.

This shift is not accidental. The architects of ecocide law have been explicit about why individual criminal liability is essential to the framework's purpose. Administrative fines, however large, are absorbed into corporate cost structures. They are provisioned for, insured against and in some circumstances passed on to customers. Criminal liability for individuals cannot be provisioned for or insured against. It cannot be delegated to a subsidiary. It attaches to the person who made the decision and its consequences are personal and permanent.

The legal architecture of personal liability

The EU Environmental Crime Directive requires that criminal liability attach to persons in leading positions within organisations. The legal test in most of these frameworks centres on knowledge. The phrase that appears consistently in ecocide legislation is 'committed with knowledge that there is a substantial likelihood of severe and widespread or long-term damage.' This is not a test of intent to cause harm. It is a test of informed decision-making in the presence of documented risk.[3]

A non-executive director who sat on an audit or risk committee when environmental management systems were discussed and who failed to probe the adequacy of those systems, is not necessarily protected by the corporate veil. The Ecocide Law Alliance has confirmed in published guidance that the law is aimed at 'those most powerful players in industry and government, where a lack of responsibility and failure to adhere to existing regulation or rights frameworks can result in entire ecosystems being threatened or destroyed.'[7]

The role of non-executive directors

Non-executive directors occupy a particularly exposed position in this new legal environment. Their traditional defence - that they rely on management representations and are not responsible for operational decisions - is inadequate when the risk in question is well-documented, legally prescribed and the subject of explicit regulatory guidance. A non-executive director's duty of care requires them to bring independent judgement to bear on material risks facing the organisation. Environmental liability under ecocide-comparable standards is now a material risk in any jurisdiction subject to the EU Directive or to comparable national law.

This does not mean that every non-executive director needs to be an environmental lawyer or an ecosystem scientist. It means that they need to be able to ask the right questions: Is our environmental management system independently certified? What is the scope and quality of our third-party assurance? Has the board received independent advice on our ecocide exposure, not just a management briefing? Are there activities in our operations or supply chain that a prosecutor or regulator could characterise as causing widespread or long-term environmental damage? If the answer to any of these questions is unclear, that is itself a governance failure.

D&O insurance and its limits

Directors and officers insurance provides important protection for civil claims, but its relevance to criminal liability is limited. Most D&O policies explicitly exclude coverage for criminal acts or deliberate wrongdoing. As environmental criminal liability expands through the EU Directive and national implementing legislation, the assumption that D&O insurance provides a safety net for environmental governance failures needs to be revisited. Boards that have not reviewed their D&O coverage in the context of the emerging ecocide framework - specifically in relation to what is and is not covered under criminal proceedings - are operating with a risk management blind spot.

What documented due diligence looks like

The defence that is available - and it is a real one - is documented due diligence. A director who can demonstrate that they ensured appropriate environmental management systems were in place, that those systems were independently verified against recognised standards such as ISO 14001, that they received credible third-party assurance over the organisation's environmental performance and that they acted on what the evidence showed, is in a fundamentally different position to one who relied on self-reported management assurances and never looked behind them.

The documentation of that due diligence matters as much as the diligence itself. Board minutes that record the questions asked, the assurance reports reviewed and the actions taken in response to identified risks are the contemporaneous evidence of governance quality. Directors who take environmental governance seriously but do not document that they have done so are in a weaker position than their conduct warrants. In any legal proceeding, the record of what the board did is as important as what it decided.

Personal liability in environmental law is not new. What is new is the criminal standard, the expanding definition of what constitutes serious environmental harm and the increasingly sophisticated legal and scientific infrastructure for attributing that harm to named decision-makers. Boards that are not actively reviewing their environmental governance against this new standard are accumulating personal risk they may not yet be able to see.

5. Ecocide and the supply chain: Why your liability does not stop at your factory gate

The most significant ecocide exposures for most companies are not in their own operations. They are in the upstream supply chains they depend on and the downstream uses of what they produce. Boards need to look further than they have been looking.

The broken assumption

One of the most consequential aspects of the emerging ecocide legal framework - and one of the least discussed in boardrooms - is the question of supply chain liability. The intuitive assumption is that a company's environmental liability is bounded by its direct operations. What happens in its own facilities, under its own operational control, is its responsibility. What happens in the operations of its suppliers, contractors and raw material producers is their responsibility. That assumption is being systematically dismantled by the legal frameworks now in force and in development across major trading jurisdictions.

The dismantling is happening simultaneously on several fronts: criminal law, civil liability and mandatory due diligence regulation. Each of these fronts is moving independently and in the same direction. The cumulative effect is that a company's legal exposure for environmental destruction now extends, in principle, as far as its supply chain extends - which for most multinationals means into every continent and dozens of jurisdictions, including those with the most biodiverse and most threatened ecosystems on earth.

The EU Deforestation Regulation

The EU Deforestation Regulation, which entered into force in 2023, makes supply chain environmental liability concrete and immediate. It requires companies placing cattle, soy, palm oil, timber, cocoa, coffee, rubber and their derivative products on the EU market to prove that those products have not contributed to deforestation or forest degradation. The due diligence obligation is the company's, not the supplier's. Non-compliance carries fines of up to 4% of EU annual turnover. The regulation explicitly requires traceability to the plot of land where the commodity was produced - not to the supplier, but to the geographic origin.[8]

This is a remarkable standard. It requires companies to know not just who they buy from, but where that supplier's output originated - and to have documentary evidence that the land in question was not subject to deforestation after December 2020. For companies with complex, multi-tier supply chains spanning dozens of countries and hundreds of suppliers, this is a fundamentally different level of due diligence from anything previously required. Supplier declarations and contractual warranty clauses are not adequate. The regulation requires verified evidence.

The TNFD and broader nature accountability

The Taskforce on Nature-related Financial Disclosures (TNFD) framework asks companies to assess their nature-related dependencies and impacts across their full value chain - not just Scope 1 direct operations, but the upstream extraction, land use and ecosystem impacts embedded in their supply chains and the downstream consequences of what they produce. The TNFD framework has been adopted by over 400 leading organisations globally and is being integrated into mandatory reporting expectations by regulators in the UK, EU, Japan and Singapore.[9]

Under TNFD, a food and beverage company that sources ingredients from suppliers whose production causes significant biodiversity loss is expected to identify, assess and disclose that exposure - even if the company has no direct operational presence in the affected ecosystem. This is the logic of value chain accountability applied to nature, mirroring the Scope 3 emissions framework that has already been established for greenhouse gases. The parallel is not accidental: the architects of TNFD deliberately modelled it on the TCFD climate framework precisely because the accountability mechanisms that proved effective for carbon are now being applied to nature.

Criminal liability in the supply chain

Beyond the disclosure frameworks, the criminal liability dimension is where supply chain risk becomes most acute. The ecocide frameworks being enacted across Europe do not limit criminal liability to the company that directly caused the destruction. The EU Environmental Crime Directive's framework on corporate liability requires examination of whether an offence was committed 'for the benefit of a legal person' - a formulation that can extend to companies that commissioned, purchased from, or otherwise financially benefited from environmentally destructive activity, even if they did not conduct it directly.

The Grantham Research Institute at the London School of Economics has noted that climate and environmental plaintiffs are now extending their targets beyond energy companies into 'animal farming and transport, as well as the food and retail sectors.' This broadening is consistent with the logic of supply chain liability - once the legal tools exist to hold downstream companies accountable for upstream destruction, the range of targets expands rapidly.[10]

Practical implications for boards

For boards, the practical implication is that supply chain due diligence is now an environmental governance issue at the same level of seriousness as direct operational performance. Knowing what your major suppliers are doing to the ecosystems in which they operate is no longer optional information. It is a compliance requirement in some jurisdictions, an emerging legal liability in others and a reputational and financial risk in all of them. The companies that have invested in supply chain traceability, supplier environmental auditing and verified procurement standards are building positions of genuine advantage. Those still relying on supplier self-declarations and contractual warranties are carrying exposure they have not yet measured.

The ecocide exposure most likely to produce headlines over the next decade will not come from a company's own facilities. It will come from a catastrophic environmental event traced back through a supply chain to a commodity used in a branded product, sold by a company whose board had access to information about the risk and chose not to look at it too closely. The boards that understand this now and act on it are the ones that will not be in that story.

6. The ICC proposal: What it would mean for business if ecocide becomes an international crime

Vanuatu, Fiji, Samoa and the DRC have formally proposed ecocide as a fifth crime at the International Criminal Court. If adopted, the implications for corporate governance would be unlike anything the business world has faced before.

The ICC and why it matters

The International Criminal Court prosecutes individuals - not states and not corporations - for the most serious crimes known to international law: genocide, crimes against humanity, war crimes and the crime of aggression. It is the court of last resort for the gravest offences, created to ensure that individuals in positions of power could be held personally accountable for catastrophic harm. The proposal to add ecocide as a fifth crime at the ICC is not a symbolic gesture. It is a proposal to place mass environmental destruction in the same moral and legal category as genocide. If it is adopted, the implications for corporate governance will be without precedent in the history of business regulation.

The formal proposal

In a formal submission to the ICC's Assembly of States Parties in late 2024, Vanuatu, Fiji and Samoa formally proposed the amendment to the Rome Statute. They have been joined by the Democratic Republic of the Congo. The Congo Basin Climate Commission, representing 17 states, has called for ecocide to be recognised as an international crime. The UN Secretary-General has described its inclusion as 'highly desirable.' The UN High Commissioner for Human Rights has stated that 'recognition of environmental crimes, including the crime of ecocide, by international, regional and domestic legal systems would strengthen accountability for environmental harms.' At least 24 ICC member states have been discussing it at parliamentary and government level.[11]

The legal process

The process for adding a fifth crime to the Rome Statute is demanding but has clear procedural steps. Any state party may propose an amendment. The proposal must be submitted at least three months before the General Assembly of States Parties, held each December in The Hague. A simple majority at that meeting enables the amendment to enter consideration. A Crime Review Conference may then be convened, or negotiation may proceed via formal and informal discussion. With the agreement of at least two-thirds of member states - currently 83 of 124 - the amendment is adopted into the Statute, following which ratification and enforcement can proceed. Once ratified by a state, the crime applies to conduct on that state's territory or by its nationals.[12]

The principle of complementarity means the ICC acts where national courts fail to do so - but its existence changes the calculus for national prosecutors regardless. The addition of ecocide to the Rome Statute would signal to every national legal system in the world that the international community regards mass environmental destruction as a category of wrongdoing that warrants the most serious available legal response. National prosecutors who might previously have treated environmental destruction as an administrative matter would face a different political and legal context.

Universal jurisdiction

Beyond the ICC itself, the Rome Statute framework includes universal jurisdiction principles. Under these principles, any ratifying nation may, on its own soil, arrest a non-national for ecocide committed elsewhere, as long as it considers the crime to be serious enough.[13] For executives of multinationals who travel regularly - to attend board meetings, investor days, conferences - this creates a practical exposure that extends well beyond the jurisdictions in which their companies operate. An executive responsible for authorising environmental destruction in a country with weak enforcement could theoretically be arrested in any ratifying state through which they transit.

The expert panel definition

The legal definition available for adoption was developed in June 2021 by the Independent Expert Panel convened by Stop Ecocide Foundation, co-chaired by Philippe Sands KC and Dior Fall Sow. The panel included some of the world's leading international criminal and environmental lawyers. The definition they developed - covering 'unlawful or wanton acts committed with knowledge that there is a substantial likelihood of severe and either widespread or long-term damage to the environment being caused' - has been widely accepted as the working definition in subsequent legislative and diplomatic discussions.[14]

'I'm absolutely convinced that this crime of ecocide will be adopted. The only issue is not whether, but when and in what form.' - Professor Philippe Sands KC

What ratification means for business

For the corporate world, the significance of an ICC ecocide amendment is less about the practical likelihood of a CEO being tried at The Hague - that threshold is high and the ICC's caseload is already significant - and more about what international criminal recognition signals and enables. Every major shift in environmental accountability has followed a period in which the moral and scientific case became impossible to ignore at the international level. The ICC proposal represents that inflection point for ecocide. The legislation, litigation and regulatory action that follows international criminal recognition is what boards should be preparing for. The amendment is the legal declaration that this is serious. The consequences will be felt principally through national law.

The companies that have treated their environmental management systems, governance frameworks and disclosure practices as genuine reflections of responsible stewardship are well positioned for what is coming. Those that have treated them as compliance exercises are not. The trajectory is clear and the direction of travel has not changed. The only variable is timing.

7. Ecocide, attribution science and the emerging case for corporate liability

Scientists can now trace specific economic losses back to named corporate emitters. As attribution science matures, the legal case for holding companies responsible for environmental destruction is becoming harder to contest.

The collapse of scientific uncertainty as a defence

For decades, the central legal defence available to companies facing environmental liability claims was scientific uncertainty. Even where damage was documented and causation plausible, the complexity of ecological systems and the diffuse nature of most corporate environmental impacts made it difficult for plaintiffs to establish the specific causal chain required by most legal frameworks. A company could acknowledge that climate change was occurring, that its operations contributed to greenhouse gas concentrations and that environmental damage was escalating - and still argue that the causal chain from its specific emissions to a specific plaintiff's specific loss was too attenuated to support liability. That defence is losing its foundations faster than most corporate legal teams have registered.

How attribution science works

Attribution science is the field of research that quantifies the relationship between specific human activities and specific environmental outcomes. At its foundation is the discipline of climate attribution - the use of physical climate models to determine how much a particular weather event, temperature trend, or ecosystem change was influenced by human-induced greenhouse gas concentrations. This has been an established scientific field since at least the early 2000s and the quality and specificity of its outputs have improved dramatically with advances in computational power, model resolution and observational data.

The critical frontier in the last decade has been the step from attributing climate change to human activity in general, to attributing specific environmental outcomes to the emissions of specific named companies. Previous attribution models relied on concentrations of atmospheric greenhouse gases - a metric that cannot be traced to individual sources. The breakthrough has been in simulating emissions directly, allowing researchers to model what warming would have occurred in a counterfactual world where a specific company's emissions did not exist and comparing it to the world that actually occurred.

The landmark 2025 Nature study

A landmark study published in Nature in April 2025 established an end-to-end attribution framework that traces warming, extreme weather events and measurable economic losses directly back to the emissions of individual companies, using their own reported Scope 1 and Scope 3 data. The study's senior author, Professor Justin Mankin of Dartmouth College, stated: 'We argue that the scientific case for climate liability is closed, even if the future of these cases remains an open question.' The framework estimated that extreme heat linked to just 111 companies cost the global economy $28 trillion from 1991 to 2020, with $9 trillion of those losses attributable to the five top-emitting firms. The highest-emitting investor-owned company in the study may be responsible for between $791 billion and $3.6 trillion in heat-related losses over that period.[15]

The study's methodology is significant for legal purposes because it is transparent, peer-reviewed and reproducible - exactly the characteristics that courts require of expert scientific evidence. It does not rely on proprietary models or contested assumptions. It builds on established, published methods for each step of the attribution chain, from company-level emissions to atmospheric warming to regional temperature change to economic losses. The result is a framework that can be presented in court as mainstream science, not advocacy.

The Carbon Majors Database

The framework relies in part on the Carbon Majors Database, which traces 1,388 GtCO₂e of cumulative historical emissions from 1854 through 2023 to 180 named industrial producers. This database is already embedded in US state legislation. New York and Vermont have passed Climate Superfund Acts requiring fossil fuel companies responsible for significant emissions to pay into state funds for climate damage repair and adaptation, with the Carbon Majors Database as the proposed tool to quantify each company's liability. Legal advocacy groups have also cited it to support potential criminal charges against fossil fuel executives for reckless endangerment.[16]

Lliuya v. RWE - attribution science in the courtroom

Attribution science was applied directly in the landmark Lliuya v. RWE case, decided by the Higher Regional Court of Hamm in Germany in May 2025. The plaintiff, Peruvian farmer Saúl Luciano Lliuya, argued that RWE's historic carbon emissions had contributed to melting glaciers above his home in Huaraz, Peru, raising the risk of a catastrophic glacial lake outburst flood. He sought partial damages proportionate to RWE's share of global industrial emissions since 1751 - approximately 0.47% - as calculated using the Carbon Majors database.[17]

The court accepted the attribution science methodology. It confirmed that, based on attribution science, it could compare RWE's contribution to global emissions to the causal contributions of other companies and countries, and that operations of RWE's subsidiaries were properly attributed to RWE as parent company. The claim ultimately failed because Lliuya could not establish a sufficiently imminent flood risk to his specific property - but the court confirmed, for the first time in a European higher court, that major emitters can in principle be held civilly liable under national law for climate-related harms caused anywhere in the world. The scientific foundation for that liability was not challenged.[17][18]

The implications for corporate data

Legal academics Rupert Stuart-Smith, Friederike Otto and Thom Wetzer have published detailed analysis of how attribution science supports causal argumentation in climate litigation, noting that 'climate science has a central role to play in many cases related to climate change' and that 'as the demands on courts to resolve issues related to climate change grow, judges are asked to adjudicate claims that introduce climate science to demonstrate that defendants' actions interfere with rights owed to claimants.'[19]

The implications for corporate governance are stark. A company's disclosed emissions data - especially its Scope 3 data - its supply chain traceability records, its environmental impact assessments and its management system documentation are all becoming potential evidence in a legal framework that is moving towards corporate accountability for environmental harm at a level of specificity that was not previously possible. Inaccurate, incomplete, or unverified emissions data is not merely a disclosure shortcoming. In a litigation context, it is a gap in the evidentiary record that prosecutors and plaintiffs will exploit. Boards that understand this are beginning to ask not just 'are we compliant?' but 'can we demonstrate, with independently verified evidence, that we understood our environmental impacts, managed them to an appropriate standard and disclosed them accurately?'

8. From compliance to governance: How boards should be thinking about ecocide risk

Most companies are managing ecocide risk at the wrong level of the organisation, using the wrong frameworks, with the wrong level of scrutiny. Here is what genuine board-level governance of this issue looks like.

The wrong level of the organisation

The most common response to emerging environmental legal risk in large organisations follows a predictable pattern: the risk is identified, assigned to the sustainability or legal function, incorporated into a risk register and managed through a combination of policy updates, management system adjustments and disclosure enhancements. That pattern was adequate for the previous generation of environmental regulatory risk - a world in which environmental liability was primarily civil, primarily administrative and primarily organisational in its consequences. It is not adequate for the emerging criminal liability framework that ecocide law represents.

Criminal liability requires a governance response, not a management response. The distinction matters. A management response treats the issue as a problem to be solved within the existing organisational structure, using existing tools and reporting lines, with board oversight provided through periodic updates from the function responsible. A governance response treats the issue as a board-level accountability question - one that the board owns, that it has the expertise and information to evaluate independently and that it is prepared to act on when the evidence requires.

The shifting litigation landscape

The Grantham Research Institute at the London School of Economics has documented in its 2025 Global Trends in Climate Change Litigation report that the broader impacts of climate and environmental litigation are 'becoming increasingly visible and well-documented,' including impacts on climate governance, legislation and financial decision-making. The report noted that 'highly anticipated decisions in corporate climate cases affirmed that companies have a duty to contribute to combatting climate change and in principle they can be held liable for climate-related harm.' This shift from policy debate to legal accountability is the context in which boards are now operating.[20]

Board composition and capability

The first element of genuine board-level governance of ecocide risk is board composition and capability. Does the board have sufficient environmental and legal expertise to evaluate the organisation's exposure independently, or is it entirely dependent on management representation? This does not mean that every board needs a former environmental regulator or ecosystem scientist as a member. It means that the board collectively needs the capability to ask hard, informed questions about environmental management and to understand the answers critically - rather than accepting management reassurances at face value.

Many boards have addressed this through the appointment of independent non-executive directors with sustainability or legal backgrounds, or through the establishment of dedicated environmental, social and governance committees with specifically mandated oversight of environmental risk and compliance. The committee structure matters less than its effectiveness - a dedicated ESG committee that receives only management-prepared reports and never commissions independent review is not meaningfully different from no committee at all.

Independent assurance as a board tool

The second element is independent assurance. The board should not be relying solely on management-prepared assessments of environmental performance. Third-party assurance over environmental management systems, supply chain due diligence processes and material environmental disclosure is the mechanism through which the board obtains evidence it can rely on independently of the management team that generated it. This is not a novel concept - audit committees have long insisted on independent financial audit for exactly this reason. The principle applies with equal force to non-financial performance in a world where non-financial liability is real, material and criminal.

The quality of the assurance provider matters significantly. An assurance opinion from a provider with no relevant credentials, no industry expertise and no understanding of the legal standards being applied is worth very little in a governance or liability context. Boards should be asking who is providing assurance over environmental performance, what standard they are applying, what scope of work they have undertaken and whether the resulting opinion would withstand scrutiny from a regulator or a court.

Scenario analysis and stress testing

The third element is scenario analysis. Boards should be stress-testing their environmental risk exposure against the emerging ecocide legal framework, not just current regulatory requirements. What activities in the organisation's direct operations or supply chain could potentially meet the threshold for serious environmental harm under the EU Environmental Crime Directive's 'comparable to ecocide' standard? What is the state of the documentation, management systems and independent verification for those activities? What would the organisation's position be if those activities were subject to criminal scrutiny rather than a standard regulatory audit?

Law firm Hogan Lovells has advised that companies should 'ensure board-level oversight of climate-related activities and risks, to ensure that they are consistent with corporate values and risk appetite, and that their interaction with regulatory, fiduciary and contractual duties is clearly understood' and should 'monitor developments in the status of the climate and significant changes in scientific understanding and attribution science.'[21]

Escalation and board-level reporting

The fourth element is escalation protocols. Does the board have clear mechanisms for ensuring that material environmental incidents, near-misses and emerging regulatory developments reach board level in a timely way, rather than being managed within the business and reported retrospectively? In most organisations, the escalation of environmental issues to board level is discretionary and depends on management judgement about what is significant enough to report. In a world where an environmental incident can create criminal liability for individual board members, that discretion needs to be replaced with a structured protocol that ensures the board is informed before, not after, it matters.

These are not aspirational governance standards designed for a hypothetical future. They are the minimum that a genuinely diligent board should be applying to a risk category that now carries criminal personal liability, is subject to mandatory disclosure obligations across multiple major jurisdictions and is increasingly capable of producing litigation with quantified damages assigned to named defendants. The boards that build this governance infrastructure now are the ones that will be able to demonstrate, if they ever need to, that they took the issue seriously before they were required to.

9. What good looks like: Building an environmental governance programme for ecocide-level scrutiny

The ecocide legal framework raises the bar for what genuine environmental due diligence looks like. Here is a practical framework for boards and management teams assessing whether their current programme is adequate.

Raising the standard

Every governance challenge eventually produces the same practical question: what does good actually look like? For ecocide risk, the answer requires thinking about environmental governance not against the standard of current regulatory compliance but against the standard of what a credible criminal or civil liability defence would require. Those are different standards and the gap between them - for most organisations - is larger than most boards have been told. Regulatory compliance means meeting the minimum requirements of applicable law in the jurisdictions in which you operate. A credible liability defence means being able to demonstrate, with independently verified evidence, that you understood the risks, built appropriate systems to manage them, monitored their effectiveness and acted on what the evidence showed.

The foundation: ISO 14001

The foundation of any adequate environmental governance programme at this level of scrutiny is an independently certified environmental management system. ISO 14001 - the international standard for environmental management systems - provides the structural framework for identifying environmental aspects and impacts, assessing associated risks and opportunities, establishing objectives and controls, monitoring performance and driving continuous improvement. Certification to ISO 14001 requires independent third-party audit against the standard's requirements, creating a contemporaneous record of the organisation's environmental management approach that has been verified by a qualified external party.

Certification to ISO 14001 does not guarantee the absence of environmental harm - no management system standard does. What it creates is the documented, independently audited evidence that the organisation has built a systematic approach to identifying and managing the risks. In a criminal or civil liability context, the difference between a certified management system and an internally managed approach is the difference between documented due diligence and self-attestation. Courts, regulators and opposing counsel understand this distinction, and it is not a minor one.

It is worth noting that ISO 14001 certification alone, while necessary, may not be sufficient against ecocide-level scrutiny. The standard requires that an organisation identify its significant environmental aspects and manage them appropriately - but the definition of 'appropriate' is calibrated to current regulatory requirements and stakeholder expectations, not to criminal liability thresholds. Boards should ensure that their environmental management programme goes beyond certification compliance to address the specific risk areas most exposed to ecocide frameworks: ecosystem destruction, biodiversity impact and supply chain traceability.

Nature and biodiversity: the TNFD framework

The emerging nature accountability frameworks - particularly TNFD, CSRD and the Kunming-Montreal Global Biodiversity Framework targets - all converge on a requirement for credible, verifiable data about a company's relationship with the natural world. The TNFD framework, published in 2023, provides the first comprehensive structure for companies to assess, manage and disclose nature-related risks and opportunities. It uses a LEAP methodology - Locate, Evaluate, Assess and Prepare - that takes companies through the process of identifying their interface with nature, evaluating their dependencies and impacts on natural systems, assessing the material risks and opportunities that flow from those dependencies and impacts, and preparing governance and strategy responses.

Completing a rigorous TNFD assessment is not simply a disclosure exercise. It is an operational process that forces an organisation to genuinely understand where and how its activities interact with living ecosystems. For many companies, that process surfaces risks that were not visible in standard environmental management system scope. It also produces the substantive evidence of nature-related risk understanding that is increasingly expected by investors, insurers and - in the ecocide context - by courts assessing whether a company was aware of the risks its activities posed to ecosystems.

Assurance standards and what they mean

The standard of assurance over environmental and sustainability disclosure matters significantly and the distinctions between different levels and types of assurance are not widely understood outside the professional services community. 'Limited assurance' - the most common form currently applied to sustainability reports - involves primarily enquiry and analytical procedures. The assurer obtains evidence that nothing has come to their attention that indicates the information is materially misstated. 'Reasonable assurance' - the standard applied to financial audit - involves more extensive evidence-gathering, including testing of underlying data and systems and provides a positive conclusion that the information presents fairly in all material respects.[9]

The difference between these two levels of assurance is the difference between a cursory review and a genuine deep-dive into the quality of underlying data and systems. In a litigation or enforcement context, the level and scope of assurance applied to a company's environmental disclosures will be examined critically. An assurance report that covers only scope 1 and 2 greenhouse gas emissions, using limited assurance procedures and issued by a provider with limited environmental expertise, does very little to establish the credibility of a company's broader environmental performance claims.

Supply chain audit and traceability

The third pillar of an adequate programme is supply chain due diligence that goes beyond self-declaration. As Hausfeld noted in its 2025 analysis of climate litigation developments: 'corporate compliance with climate obligations has remained a key focus, with courts across Europe, the United States and Australia continuing to scrutinise companies' contributions to greenhouse gas emissions and taking an increasingly critical eye to climate-based greenwashing.' The same scrutiny is being applied to environmental performance more broadly.[22]

Verified supply chain due diligence requires audited evidence of supplier environmental performance against defined standards - not supplier questionnaires, not contractual warranty clauses and not periodic site visits by the procurement team. The EU Deforestation Regulation has set the bar at traceability to the plot of land of origin for specific high-risk commodities. The ecocide framework is setting the bar at knowing whether any activity in your value chain could be characterised as causing widespread, long-lasting, or irreversible environmental damage. Neither of those standards is met by existing supply chain management practices in most large organisations.

Disclosure quality and legal defensibility

The fourth pillar is disclosure quality. Norton Rose Fulbright has highlighted in its climate litigation analysis that 'the question of whether downstream or Scope 3 emissions from fossil fuel projects must be considered by decision-makers came into sharper focus in 2024, with courts increasingly insisting on more rigorous scrutiny for high-emission projects.' The same trajectory applies to nature and biodiversity - the claims a company makes about its environmental performance are not just stakeholder communications. They are potential evidence.[23]

Boards should be asking their assurance providers not just whether they can issue a report, but whether the assurance they are providing would withstand the scrutiny of a regulator, a court, or an opposing expert witness. That is a higher bar than most current assurance engagements are designed to meet. It is, however, the bar that the emerging legal environment is setting. The organisations that build their environmental governance to this standard are not just managing risk. They are building a genuine competitive and legal position that will become more valuable as the regulatory environment continues to tighten.

The organisations best positioned are not necessarily the ones with the most sophisticated sustainability strategies. They are the ones with the most rigorous governance.

The organisations best positioned for the legal environment being created by ecocide law, climate liability litigation and nature accountability frameworks are not necessarily the ones with the most sophisticated sustainability strategies. They are the ones with the most rigorous governance - the ones that have built independently verified, well-documented, continuously improving environmental management programmes and that can demonstrate, with evidence rather than assertion, that the risks were known, were taken seriously and were actively managed. That is what good looks like. And it is increasingly what the law requires.

10. A practical framework for boards

The article series points to a practical governance test for boards: can the organisation demonstrate, with credible evidence, that environmental risks were understood, escalated, managed and independently verified?

The framework below translates the whitepaper into a board-level review structure. It is designed to sit alongside existing enterprise risk, legal, sustainability and audit committee processes.

Board discussion checklist

• Have we assessed whether our own operations or supply chain could create exposure to ecocide-comparable environmental harm?

• Have we reviewed the adequacy of our environmental management system against the emerging criminal liability standard, not only against current regulatory compliance?

• Can we demonstrate that the board received independent advice or assurance on material environmental risks?

• Are environmental disclosures treated as legal documents rather than communications outputs?

• Do board minutes record the questions asked, evidence reviewed and actions taken in response to identified environmental risks?

11. Conclusion: From environmental compliance to environmental accountability

Ecocide law is part of a broader transition from environmental compliance to environmental accountability. The shift is visible in national criminal laws, the EU Environmental Crime Directive, supply chain due diligence rules, nature-related disclosure frameworks, climate litigation and the scientific ability to attribute environmental losses to named companies.

The organisations best positioned for this legal environment are not necessarily those with the most sophisticated sustainability strategies. They are the ones with the most rigorous governance: independently verified, well-documented, continuously improving environmental management programmes that can demonstrate, with evidence rather than assertion, that risks were known, taken seriously and actively managed.

For boards, the practical message is direct. Ecocide risk should not be delegated as a communications issue, a reputational issue or a sustainability-function issue. It should be governed as a board-level risk category with clear accountability, independent assurance, supply chain visibility and legally defensible disclosure controls.

The time to build that governance architecture is before environmental accountability becomes personal.

Reporting tells the world what the organisation claims. Governance determines whether the claim is defensible. Evidence proves whether the governance was real.

About Speeki

Speeki is an independent assurance company helping organisations worldwide turn their compliance, sustainability and ESG initiatives into a competitive advantage. 

Speeki works with organisations on independent certification and assurance across sustainability, compliance and management system standards. Its role as a certification body is fundamentally different from that of a consultant: certification requires independence and objective assessment against defined requirements.

For organisations reviewing their environmental governance, supply chain due diligence, sustainability reporting controls or management system readiness, Speeki provides independent assessment and assurance support through its suite of certification and assurance services.

References

[1] Stop Ecocide International, 'FAQs - Ecocide and the Law: History and Background'. https://www.stopecocide.earth/faqs-ecocide-the-law

[2] Ecocide Law, 'Existing and Proposed Ecocide Laws - France and Belgium'. https://ecocidelaw.com/existing-ecocide-laws/

[3] Pohlmann & Company, 'Bill to Amend Environmental Criminal Law by Implementing the Ecocide Directive' (6 November 2025). https://www.pohlmann-company.com/en/bill-to-amend-environmental-criminal-law-by-implementing-the-ecocide-directive/

[4] Stop Ecocide International, 'Scottish Parliament Votes to Progress Ecocide Prevention Bill' (2025). https://www.stopecocide.earth/

[5] Stop Ecocide International / Independent Expert Panel, 'Legal Definition of Ecocide' (June 2021). https://www.stopecocide.earth/ecocide-law

[6] Stop Ecocide International, 'Germany Moves to Criminalise Cases Comparable to Ecocide as EU Directive Begins Entering National Law' (24 December 2025). https://www.stopecocide.earth/bn-2025/germany-moves-to-criminalise-cases-comparable-to-ecocide-as-eu-directive-begins-entering-national-law

[7] Ecocide Law Alliance, 'Questions and Answers on Ecocide Law' (March 2025). https://www.ecocidelawalliance.org/wp-content/uploads/2025/03/QA-on-Ecocide-Law_March_2025.pdf

[8] Ecocide Law, 'Existing and Proposed Ecocide Laws - EU Deforestation Regulation'. https://ecocidelaw.com/existing-ecocide-laws/

[9] UCLA Law Promise Institute Europe / Ecocide Law Advisory, 'Working Group on National Criminalization of Ecocide' (2025). https://www.promiseeurope.law.ucla.edu/ecocide-law-advisory

[10] Context by Thomson Reuters Foundation, 'Climate Change in Court: Cases to Watch in 2026' (11 December 2025). https://www.context.news/climate-justice/climate-change-in-court-cases-to-watch-in-2026

[11] Stop Ecocide International, 'FAQs - Ecocide and the Law: ICC Proposal and State Support'. https://www.stopecocide.earth/faqs-ecocide-the-law

[12] Stop Ecocide International, 'Ecocide Law - The Legal Process for Making Ecocide an International Crime'. https://www.stopecocide.earth/ecocide-law

[13] Stop Ecocide International, 'Ecocide Law - Universal Jurisdiction'. https://www.stopecocide.earth/ecocide-law

[14] Stop Ecocide International, 'Developing Ecocide Law - The Independent Expert Panel Definition' (June 2021). https://www.stopecocide.earth/

[15] Callahan, C.W. and Mankin, J.S., 'Carbon majors and the scientific case for climate liability', Nature, vol. 640, pp. 893-901 (April 2025). DOI: 10.1038/s41586-025-08751-3. https://www.nature.com/articles/s41586-025-08751-3

[16] InfluenceMap, 'Carbon Majors: 2023 Data Update', including analysis of Climate Superfund applications. https://influencemap.org/briefing/The-Carbon-Majors-Database-2023-Update-31397

[17] Columbia Law School Climate Law Blog, 'What Lliuya v. RWE Means for Climate Change Loss and Damage Claims' (19 June 2025). https://blogs.law.columbia.edu/climatechange/2025/06/19/what-lliuya-v-rwe-means-for-climate-change-loss-and-damage-claims/

[18] Loyens & Loeff, 'ESG Litigation Update: The Notable (German) Lliuya v. RWE Ruling and Some Dutch Legal Perspectives' (2025). https://www.loyensloeff.com/insights/news--events/news/esg-litigation-update-the-notable-german-lliuya-v.-rwe-ruling-and-some-dutch-legal-perspectives/

[19] Stuart-Smith, R., Otto, F.E.L. and Wetzer, T., 'Liability for Climate Change Impacts: the Role of Climate Attribution Science', in De Jong et al. (eds), Corporate Responsibility and Liability in Relation to Climate Change (Intersentia, 2022). Available at SSRN. https://papers.ssrn.com/sol3/papers.cfm?abstract_id=4226257

[20] Grantham Research Institute on Climate Change and the Environment, LSE, 'Global Trends in Climate Change Litigation: 2025 Snapshot' (11 December 2025). https://www.lse.ac.uk/granthaminstitute/publication/global-trends-in-climate-change-litigation-2025-snapshot/

[21] Hogan Lovells, 'Climate Liability Litigation: A Growing Risk for UK Financial Institutions' (2025). https://www.hoganlovells.com/en/publications/climate-liability-litigation-a-growing-risk-for-uk-financial-institutions

[22] Hausfeld, 'Summer Review: A Watershed Moment for Climate Litigation' (26 August 2025). https://www.hausfeld.com/what-we-think/perspectives-blogs/summer-review-a-watershed-moment-for-climate-litigation

[23] Norton Rose Fulbright, 'Climate Change Litigation Update' (July 2025). https://www.nortonrosefulbright.com/en/knowledge/publications/674162d1/climate-change-litigation-update-july-2025

This whitepaper is produced by Speeki for informational purposes. It is not legal advice. Organisations should seek qualified legal counsel on the application of specific environmental, criminal and corporate laws to their circumstances.